How to protect your company by protecting your digital fingerprint

Learning to manage your digital fingerprint is essential to minimize the cybersecurity risks that stem from our visibility on the Internet. This article explains how to do it.

Today, social networks have consolidated their position as indispensable tools for maximizing our visibility in professional environments, through both personal and professional posts. All the information about ourselves that is available on the Internet and easily accessible to anyone through the main search engines is known as our digital fingerprint. Although some of that information can come from data breaches, most of it is usually posted by ourselves or by people close to us.

The central role that social networks play in maximizing not only our own visibility but also our company's carries risks too. Something as seemingly banal as sharing our contact details (telephone number or email address) on our professional profile can easily turn us into potential victims of social engineering attacks, that is, attacks based on manipulation and deception techniques intended to obtain critical information or money from us.

This risk is even more worrying when it involves a corporate email address or a corporate telephone number, since the former tends to be used as our username while the latter is where we receive the multi-factor authentication code. If both our corporate email address and our corporate telephone number were compromised, our company's security could be threatened.

It is important to note that, together with our contact details, all the information we post can be used by cybercriminals to give their attacks a credible context. For example, posting that we are going to attend (or are attending) a congress could give a cybercriminal a clue about the best time to contact one of our employees while pretending to be us.

This is quite common in the attack known as ‘CEO Fraud’, in which a cybercriminal impersonates a high-ranking official or an employee of the administrative department, contacts another employee and then asks them to make an urgent money transfer, justifying it with some sort of strategic operation that is also strictly confidential. If we had previously posted on our social networks that we are going to attend an event, the cybercriminal could use that date to launch the attack, make it more credible by including details such as ‘as you know, I am at the congress of…’, and use the congress attendance to justify being unable to answer the telephone or access the corporate mailbox, so that the communication must continue by replying to the email thread. That way, it is less likely that the employee will contact their real superior through a different channel and discover the fraud.

As with posting about attending a congress or taking a trip, it is also better to avoid sharing any other piece of information that could allow cybercriminals to build a credible context for their attacks.

This does not mean that we can no longer take advantage of the positive synergies that social networks generate in the professional world. They can be used safely by carefully applying the following recommendations:

  • Remember that our corporate email must not be used to create an account in non-corporate services.

  • Avoid sharing your contact details. The main social networks provide a contact service on the same platform.

  • Also, avoid sharing sensitive personal information, especially if it can be used by cybercriminals to build a credible context for their attacks.

  • If you are going to travel or attend an event, wait until you are back home before posting any related content.

  • Finally, practice egosurfing often. That is, search for your full name, your telephone number, your email address, etc. on the main search engines to find out what information about you is available on the Internet.